DETAILED ACTION

1. This action is issued in response to applicant filed request for continued 
examination (RCE) on 03/27/2007. 

2. Claims 9, 17, and 22 have been amended. No claims were added. Claims 1-8, 
15-16, and 24-32 were canceled. 

3. Claims 9-14 and 17-23 are pending in this application. 

Response to Arguments 

4. Applicant's arguments with respect to amended claims 9, 17, and 22 have been 
considered but are moot in view of the new ground(s) of rejection. 

Claim Objections 

5. Examiner makes note that claim 17 erroneously has status as "original", even 
though applicant has amended limitations of such claim. 

Information Disclosure Statement 



6. The information disclosure statement (IDS) was submitted on 12/04/2006, and 
11/07/2006. The submission is in compliance with the provisions of 37 CFR 1.97. 
Accordingly, the information disclosure statement is being considered by the examiner. 

Continued Examination Under 37 CFR 1.114 

7. A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1.17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on 
10/11/2006 has been entered. 

Claim Rejections - 35 USC § 103 

8. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

9. This application currently names joint inventors. In considering patentability of 
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of 
the various claims was commonly owned at the time any inventions covered therein 
were made absent any evidence to the contrary. Applicant is advised of the obligation 
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was 
not commonly owned at the time a later invention was made in order for the examiner to 
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g) 
prior art under 35 U.S.C. 103(a). 

10. Claims 9-11, 13-14, 17-19, and 22 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Botz et al. (Botz hereinafter) (US Patent App. Pub. No. 
2003/0177388 A1, filed: March 15, 2002) in view of Kao et al. (Kao hereinafter) (US 
Patent No. 6,651,168 B1, filed January 29, 1999). 

Regarding Claim 9, Botz discloses a method comprising: 

receiving a credential from a user at an input device in communication with a 
local machine having an OS (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5 
and 10-11, Botz 1). 

Botz also discloses a plurality of input devices (Fig. 13, items 1402, 1404, and 
1400, Page 10, [0141], lines 3-5, Botz). However, Botz does not explicitly disclose a 
plurality of different input devices. On the other hand, Kao discloses: the local machine 
capable of being in communication with a plurality of different input devices each 
configured to enable the user to log on with the OS to access the local machine (Fig. 1A, 
items 222, 220, 210, 208, 212, and 224, Col. 8, lines 22 - 26 and 38 - 48, Kao). 

It would have been obvious to one of ordinary skill in the art at the time the 
invention was made to incorporate Kao's teachings into the system of Botz. A skilled 
artisan would have been motivated to do so, as suggested by Kao (Col. 2, lines 25 - 28, 
Kao), to provide a flexible way to provide diverse user authentication mechanisms and 
processes for a stand alone computer system or for a computer network. In addition, 
both of the references (Botz and Kao) teach features that are directed to analogous art 
and they are directed to the same field of endeavor, such as, databases management 
systems, receiving credentials, and authentication. This close relation between both of 
the references highly suggests an expectation of success. 

Furthermore, the combination of Botz and Kao discloses: 
translating the credential with one of a plurality of different coexisting credential 
provider modules for translating respectively different types of credentials into a 
common credential protocol (Page 1, [0007], lines 13-17, Botz 2 ), the plurality of 
different coexisting credential provider modules also enabling the user to log on with the 
OS to access the local machine with each corresponding different input device that is in 
communication with local machine (Fig. 13, items 1402, 1404, and 1400, Page 10, 
[0141], lines 3-5, Botz; and Fig. 1A, items 222, 220, 210, 208, 212, and 224, Col. 8, 
lines 22 - 26 and 38 - 48, Kao); 

using a component of the OS to authenticate the translated credential having the 
common credential protocol against a credential database (Page 1, [0008], lines 6-9, 
Botz 3 ); and 



1 Wherein the step of forwarding implies the step of receiving the credential claimed. And wherein the 
user ID and password corresponds to the credential claimed. 

2 Wherein the authenticated user identity corresponds to the credential (being translated) claimed; the 
initial authentication unit corresponds to one of different coexisting credential provider modules claimed; 
and the local user identity corresponds to the common credential protocol claimed. 

3 Wherein the step to subsequent authenticate corresponds to the step to authenticate claimed. 

logging the user on with the OS to access the local machine when the 
authentication is successful (Page 3, [0034], lines 7-13, Botz 4 ). 

Regarding Claim 10, the combination of Botz in view of Kao discloses a method, 
wherein the logging of the user on further comprises logging the user on to the local 
machine after a plurality of said credentials have been received, translated by a 
respective said different coexisting credential provider module, and authenticated 
successfully (Page 7, [0094], lines 6-10, Botz 5 ). 

Regarding Claim 11, the combination of Botz in view of Kao discloses a method, 
wherein the user is not logged on to the local machine at the time when the translated 
credentials are authenticated (Page 7, [0094], lines 6-10, Botz). 

Regarding Claim 13, the combination of Botz in view of Kao discloses a method, 
wherein each said credential provider module is interoperable, through a credential 
provider API, to the component of the OS (Fig. 4, item 402, Page 5, [0071], lines 1 - 4, 
the interfaces services, Botz). 



4 Wherein the step of sign-on corresponds to the step of logging the user claimed. 

5 Wherein the step of using the policy information, including trust policy and initial authentication, to 
signing the user on (Page 7, [0094], lines 1 - 6, Botz) corresponds to the step of logging the user 
claimed. In addition, Botz discloses the use of a plurality of credentials as claimed (Page 7, [0101], lines 3 
-14, Botz). 

Regarding Claim 14, the combination of Botz in view of Kao discloses a 
computer-readable medium comprising instructions that, when executed by a computer 
(Page 2, [0030], lines 1-4, Botz). 

Regarding Claim 17, the combination of Botz in view of Kao discloses a method 
comprising: 

receiving a credential from a user at an input device in communication with a 
local machine having an OS (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5 
and 10-11; respectively, Botz 6), the local machine capable of being in communication 
with a plurality of different input devices, each capable of receiving a credential from the 
user to enable the user to log on to access the local machine with the OS (Fig. 13, items 
1402, 1404, and 1400, Page 10, [0141], lines 3-5, Botz; and Fig. 1A, items 222, 220, 
210, 208, 212, and 224, Col. 8, lines 22 - 26 and 38 - 48, Kao); 

translating the credential with a credential provider module that corresponds to 
the input device (Page 1 and 3, [0007] and [0046], lines 13 - 17 and 1 - 10; 
respectively, Botz 7 ), wherein: 

the credential provider module is one of a plurality of coexisting different 
said credential provider modules (Page 3, [0042], lines 1 - 5, a particular server 
within a defined trust set of servers, Botz); and 



6 Wherein the step of forwarding implies the step of receiving the credential claimed. And wherein the 
user ID and password corresponds to the credential claimed. 

7 Wherein the step of identifying to a particular server (Page 3, [0046], lines 4-8, Botz) corresponds to 
the step of translating to the corresponding input device claimed. 

each said credential provider module can perform a translation of a 
respectively different type of said credential received at a different said input 
device in communication with the local machine (Page 1 and 4, [0007] and 
[0050], lines 13 - 17 and 1 - 6; respectively, Botz); and 

each said translation of each said credential is in a common credential 
protocol (Page 1, [0007], lines 13-17, Botz 8 ); 

communicating the translated credential having the common credential protocol 
through a credential provider interface to a logon UI routine of the OS (Page 7, [0090], 
lines 1 - 5, Botz 9); 

passing the translated credential having the common credential protocol to a 
logon routine of the OS from the logon UI routine (page 7, [0091], lines 1 - 4, Botz); 

authenticating the translated credential against a credential database with the 
logon routine of the OS (Page 1 and 7, [0008] and [0092], lines 6 - 9 and 1 - 5; 
respectively, Botz 10 ); and 

logging the user on to access the local machine with the OS when the 
authentication is successful (Page 3 and 7, [0034] and [0094], lines 7 - 13 and 6-10; 
respectively, Botz 11 ). 



8 Wherein the local user identity corresponds to the common credential protocol claimed. 

9 Wherein the identity translation token (ITT) and/or the identity translation token reference (ITTR) 
correspond to the translated credential claimed. And wherein the server's interface services correspond 
to the credential provided interface claimed. Botz specifically discloses the logon UI routine in Page 7, 
[0092], and lines 1 - 8. 

10 Wherein the step of performing subsequent authentication corresponds to the step of authenticating 
claimed. 

11 Wherein the step of sign-on corresponds to the step of logging the user claimed. 

Regarding Claim 18, the combination of Botz in view of Kao discloses a method, 
wherein the logging the user on to access the local machine with the OS further 
comprises deferring the logging on of the user to access the local machine until the 
receiving, the translating, the communicating, the passing, and the authenticating 
successfully have been repeated for each of a plurality of said credentials (Page 7, 
[0094], lines 6 -10, Botz 12 ). 

Regarding Claim 19, the combination of Botz in view of Kao discloses a method, 
wherein the user is not logged on to access the local machine when the translated 
credentials are authenticated against the credential database with the logon routine of 
the OS (Page 7, [0094], lines 6-10, Botz). 

Regarding Claim 21, the combination of Botz in view of Kao discloses a 
computer-readable medium comprising instructions that, when executed by a computer, 
perform the method of claim 17 (Page 2, [0030], lines 1-4, Botz). 

Regarding Claim 22, the combination of Botz in view of Kao discloses a 
computer-readable medium comprising a credential provider module including 
instructions that, when executed by a local machine having an OS, receive and 
translate a credential into a credential protocol so as to be compatible for authentication 
by an authentication component of the OS against a credential database for logging a 
user identified by the credential on with the OS to access the local machine when the 
authentication is successful, wherein: 

the translated credential can be received via an interface to the authentication 
component of the OS (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5 and 10 
-11; respectively, Botz 13); 

the interface (Fig. 3, items 314, and 316, Page 4, [0058], lines 1 - 4, Botz) to the 
authentication component of the OS is compatible for receiving each of a plurality of 
said credentials (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5 and 10 - 13; 
respectively; wherein the step of forwarding implies the step of receiving the credential 
claimed. And wherein the user ID and password corresponds to the credential claimed; 
Botz) from a corresponding plurality of different coexisting credential provider modules 
(Page 1 and 4, [0007] and [0050], lines 13 - 17 and 1 - 6, multiple security user 
registries of multiple computer platforms; respectively, Botz); and 
each said different coexisting credential provider module can: 

receive a respective different type of said credential from a respective 
input device (Fig. 10, items 1104, 1108, 1110, and 1112, Page 9, [0123], lines 8-11, 
Botz 14), each respective input device capable of coupling to the local machine 
and enabling the user to log on with the OS to access the local machine (Fig. 13, 

12 Wherein the step of using the policy information, including trust policy and initial authentication, to 
signing the user on (Page 7, [0094], lines 1 - 6, Botz) corresponds to the step of logging the user 
claimed. In addition, Botz discloses the use of a plurality of credentials as claimed (Page 7, [0101], lines 3 
- 14, Botz). By signing the user on after the information is authenticated, the system is deferring the 
signing on or logging on. 

13 Wherein the step of forwarding implies the step of receiving the credential claimed. And wherein the 
user ID and password corresponds to the credential claimed. 

items 1402, 1404, and 1400, Page 10, [0141], lines 3-5, Botz; and Fig. 1A, 
items 222, 220, 210, 208, 212, and 224, Col. 8, lines 22 - 26 and 38 - 48, Kao); 
and 

translate each said different type of said credential into the credential 
protocol so as to be compatible for authentication by the authentication 
component of the OS against the credential database (Page 3, [0039], lines 1 - 
6, an infrastructure to support run-time cooperation between disparate security 
registry user, Botz). 

11. Claims 12, 20, and 23 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Botz et al. (Botz hereinafter) (US Patent App. Pub. No. 
2003/0177388 A1, filed: March 15, 2002), in view of Kao et al. (Kao hereinafter) (US 
Patent No. 6,651,168 B1, filed January 29, 1999), and further in view of Axel et al. 
(Axel hereinafter) (US Patent App. Pub. No. 2004/0139355 A1, filed: November 7, 
2002). 

Regarding Claim 12, the combination of Botz in view of Kao discloses all the 
limitations as disclosed above including a method, wherein the use of the component of 
the OS to authenticate the translated credential having the common credential protocol 
against the credential database further comprises: 



14 Wherein examiner interprets the step where a first user signs on using Public Key infrastructure (PKI), 
and a second user signs on using Kerberos (Page 9, [0123], lines 8-11, Botz) as the step of receiving 
different type of credential from respective input device as claimed. 



Application/Control Number: 10/693,585 Page 12 

Art Unit: 2162 

communicating the translated credential to an LSA (Page 7, [0090], lines 1 - 5, 
Botz 15 ); and 

determining the authentication with the LSA against the credential database 
(Page 7, [0090], lines 6-9, Botz 16 ) that is selected from the group consisting of: 

a local database other than the SAM database (Page 5, [0069], lines 3 - 
5, local user registry, Botz); 

a remote credential database (Page 5, [0067], lines 12-14, LDAP- 
accessible storage, Botz 17 ); 

a token protocol credential service (Page 9, [0133], lines 2-6, HyperText 
Transfer Protocol (HTTP), Botz); 

a challenge and response protocol service (Page 9, [0133], lines 1 - 6, 
HyperText Transfer Protocol (HTTP), Botz 18 ); 

In addition, the combination of Botz in view of Kao further discloses KDC (Fig. 
10, item 1102, Kerberos, Botz). However, the combination of Botz in view of Kao is 
silent with respect to a SAM database; and an AD at a domain remote from the local 
machine. On the other hand, Axel discloses a system including a SAM database (Page 
2, [0018], lines 3-5, Axel); an AD (Page 2, [0017], lines 4-5, Axel) and KDC at a 

15 Wherein examiner interprets the AIT domain controller as the LSA claimed; and the identity translation 
token (ITT) and/or the identity translation token reference (ITTR) as the translated credential claimed. 

16 Wherein the step of validating the translated token using a copy of the signing value retained at the AIT 
domain controller corresponds to the step of determining the authentication against the credential 
database as claimed. In addition, Botz further discloses that this controller utilizes databases to store the 
information (Page 6, [0086], lines 3-7, Botz). 

17 Wherein the LDAP-accessible storage corresponds to the remote credential database claimed. The 
reason is because this storage is retrieved upon a server session, which would imply a remote session. 

domain remote from the local machine (Page 2, [0017], lines 1-3, Axel); and an LSA 
(Page 2, [0021], lines 1-2, Axel). It would have been obvious to one of ordinary skill in 
the art at the time the invention was made to incorporate Axel's teachings into the 
system of the combination of Botz in view of Kao. A skilled artisan would have been 
motivated to do so, as suggested by Axel (Page 1, [0002], lines 1 - 4, Axel), to provide 
access to various password-enabled computer network elements through the use of a 
single password enabled network element. In addition, the applied references (Botz, 
Kao, and Axel) teach features that are directed to analogous art and they are directed to 
the same field of endeavor of databases management systems, such as, authentication, 
and login users. This close relation between the applied references highly suggests an 
expectation of success. 

Regarding Claim 20, the combination of Botz in view of Kao and further in view of 
Axel discloses a method, wherein the authenticating of the translated credential against 
the credential database with the logon routine of the OS further comprises: 

communicating the translated credential to an LSA from the logon routine of the 
OS (Page 7, [0090], lines 1 - 5, Botz 19 ; and Page 2, [0021], lines 1 - 2, LSA, Axel); and 

determining the authentication with the LSA against the credential database 
(Page 7, [0090], lines 6-9, Botz 20 ; and Page 2, [0021], lines 1 - 2, LSA, Axel) that is 
selected from the group consisting of: 

18 Wherein the feature of extracting corresponds to the challenge claimed; and the feature of passing 
corresponds to the response claimed. 

19 Wherein examiner interprets the AIT domain controller as the LSA claimed; and the identity translation 
token (ITT) and/or the identity translation token reference (ITTR) as the translated credential claimed. 

a SAM database (Page 2, [0018], lines 3-5, Axel); 

a local database other than the SAM database (Page 5, [0069], lines 3 - 
5, local user registry, Botz); 

a remote credential database (Page 5, [0067], lines 12-14, LDAP- 
accessible storage, Botz 21 ); 

a token protocol credential service (Page 9, [0133], lines 2-6, HyperText 
Transfer Protocol (HTTP), Botz); 

a challenge and response protocol service (Page 9, [0133], lines 1 - 6, 
HyperText Transfer Protocol (HTTP), Botz 22 ); and 

an AD (Page 2, [0017], lines 4-5, Axel) and KDC at a domain remote 
from the local machine (Page 2, [0017], lines 1 - 3, Axel; and Fig. 10, item 1102, 
Kerberos, Botz). 

Regarding Claim 23, the combination of Botz in view of Kao and further in view of 
Axel discloses a computer-readable medium, wherein the authentication component of 
the OS comprises: 

a logon UI module (Page 6, [0076], lines 1 - 5, Botz); 

20 Wherein the step of validating the translated token using a copy of the signing value retained at the AIT 
domain controller corresponds to the step of determining the authentication against the credential 
database as claimed. In addition, Botz further discloses that this controller utilizes databases to store the 
information (Page 6, [0086], lines 3-7, Botz). 

21 Wherein the LDAP-accessible storage corresponds to the remote credential database claimed. The 
reason is because this storage is retrieved upon a server session, which implies a remote session. 

22 Wherein the feature of extracting corresponds to the challenge claimed; and the feature of passing 
corresponds to the response claimed. 

an OS logon module for receiving Remote Procedure Call (RPC) calls from the 
log UI module (Page 6, [0083], lines 1 - 5, remote sign-on, Botz); and 

an LSA for determining the authentication, and in communication with, the 
credential database (Page 7, [0090], lines 6-9, Botz 23 ) that is selected from the group 
consisting of: 

a SAM database (Page 2, [0018], lines 3-5, Axel); 

a local database other than the SAM database (Page 5, [0069], lines 3 - 
5, local user registry, Botz); 

a remote credential database (Page 5, [0067], lines 12-14, LDAP- 
accessible storage, Botz 24 ); 

a token protocol credential service (Page 9, [0133], lines 2-6, HyperText 
Transfer Protocol (HTTP), Botz); 

a challenge and response protocol service (Page 9, [0133], lines 1-6, 
HyperText Transfer Protocol (HTTP), Botz 25 ); and 

an AD (Page 2, [0017], lines 4-5, Axel) and KDC at a domain remote 
from the local machine (Page 2, [0017], lines 1-3, Axel; and Fig. 10, item 1102, 
Kerberos, Botz). 



23 Wherein the step of validating the translated token using a copy of the signing value retained at the AIT 
domain controller corresponds to the step of determining the authentication against the credential 
database as claimed. In addition, Botz further discloses that this controller utilizes databases to store the 
information (Page 6, [0086], lines 3-7, Botz). 

24 Wherein the LDAP-accessible storage corresponds to the remote credential database claimed. The 
reason is because this storage is retrieved upon a server session, which implies a remote session. 

25 Wherein the feature of extracting corresponds to the challenge claimed; and the feature of passing 
corresponds to the response claimed. 

Prior Art Made Of Record 

1. Botz et al. (US Patent App. Pub. No. 2003/0177388 A1, filed: March 15, 2002) 
discloses authenticated identity translation within a multiple computing unit environment. 

2. Axel et al. (US Patent App. Pub. No. 2004/0139355 A1, filed: November 7, 
2002) discloses a method and system of accessing a plurality of network elements. 

3. Hartman et al. (US Patent No. 6,807,636 B2) discloses methods and apparatus 
for facilitating security in a network. 

4. Kao et al. (US Patent No. 6,651,168 B1, filed January 29, 1999). 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Giovanna Colan whose telephone number is (571) 272-2752. 
The examiner can normally be reached on 8:30 am - 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Breene can be reached on (571) 272-4107. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Giovanna Colan 
Examiner 
Art Unit 2162 

May 30, 2007 




